CVE-2026-21247
7.3
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 / Impact: 5.9
Source: secure@microsoft.com
Description
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Affected (15)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.14393.8868 | |
| Before 10.0.17763.8389 | |
| Before 10.0.19044.6937 | |
| Before 10.0.19045.6937 | |
| Before 10.0.22631.6649 | |
| Before 10.0.26100.7781 | |
| Before 10.0.26200.7781 | |
| Before 10.0.14393.8868 | |
| Before 10.0.17763.8389 | |
| Before 10.0.20348.4711 | |
| Before 10.0.25398.2149 | |
| Before 10.0.26100.32313 |
Related CWEs
CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
References (1)
Source: secure@microsoft.com
Vendor Advisory
Timeline
No history available yet.